Your database holds all of the key information of your website. Failing to protect it not only risks the loss of private information such as usernames, email addresses, and more, but could also allow an attacker to add entries that create spam or malware links on your site (or worse). Therefore, you must consider how your database(s) are accessed for routine maintenance.
Keeping your software updated
Websites are often hacked via security holes found in old versions of web software, such as web forums, wikis, and blogs. It's your responsibility to keep the website's applications updated with the latest version.
DreamHost's One-Click Installs are automatically updated, if you select the option to auto update. If you do not enable the auto upgrade feature, you are responsible for keeping your applications up to date.
Some applications (e.g., Joomla) do not provide an upgrade path from older versions, which will then need to be updated manually. Please check with the application’s developers for further assistance on upgrading.
Setting file permissions
When setting up file permissions, DreamHost recommends that you set the permissions to the following:
- Files – chmod 644
- Directories – chmod 755
- Executables – chmod 755

Here is an example of how this should look:

[server]$ ls -al
drwxr-xr-x 2 exampleuser pg5034488 10 Apr 22 09:13 example_directory
-rwxr-xr-x 1 exampleuser pg5034488 0 Apr 22 09:14 example_executable.cgi
-rw-r--r-- 1 exampleuser pg5034488 0 Apr 22 09:12 example_file.php
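
One way to check a site directory against the 644/755 scheme above and reset anything that deviates. This is an added example, not DreamHost's own tooling; the function names are hypothetical and the directory you pass in is an assumption.

```sh
#!/bin/sh
# Added example: audit and repair a site directory against the
# recommended scheme (files 644, directories 755, executables 755).
# Function names are hypothetical; run it against your own site directory.

# List every entry whose mode deviates from the recommendation:
# directories must be exactly 755, regular files exactly 644 or 755.
audit_perms() {
    find "$1" -type d ! -perm 755 -print
    find "$1" -type f ! -perm 644 ! -perm 755 -print
}

# List files and directories that a user other than the owner could
# modify, i.e. the group-write or world-write bit is set.
writable_by_others() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Reset deviating entries. A file is treated as an executable (755)
# only if its owner-execute bit is already set; all other files get 644.
fix_perms() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f -perm -100 ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm -100 ! -perm 644 -exec chmod 644 {} +
}

# Stand-alone use: report only, change nothing.
if [ -n "${1:-}" ]; then
    echo "Entries that deviate from 644/755:"
    audit_perms "$1"
    echo "Entries writable by other users:"
    writable_by_others "$1"
fi
```

Review the audit output before calling `fix_perms`, since a file that needs to be executable but has lost its execute bit will be set to 644.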
View the following article for further details:
Assigning a unique user to each domain
DreamHost recommends that you host each of your individual sites with its own unique web user. The reason for this is that if one of your sites becomes compromised, the exploit won't spread to your other sites.
Enhanced user security
The Enhanced User Security setting prevents a user's home directory from being accessed by other DreamHost users. This option is enabled separately for each user in the panel, and it's strongly recommended that you enable this option unless it is necessary for other users to access your data. If it is disabled, incorrectly set permissions can allow any DreamHost user to read or possibly modify your data, including passwords held in configuration files.
You can find more information in the following article:
Managing your files on the server
SSH (Secure Shell) is the preferred method for connecting to your machine. SSH encrypts the communication between the local machine and the destination machine. This means that your password is not transmitted in plain text, as it is with TELNET.
SSH must be turned on for your users. View the Enabling Shell Access article for details.
SFTP instead of FTP
Since FTP is not secure, only SFTP is recommended when connecting to your server. View the SFTP article for details.
Serving your files securely
There may be situations when you wish to serve your files securely, such as if you are running an eCommerce website: obviously, you wouldn’t want to send vital information over the Internet without protection.
To add an extra layer of security, you can set up secure hosting and purchase an SSL certificate. You can find more information about how to set up these services in the following article:
- How do I enable Extra Web Security for my website?
- How do I set up Enhanced User Security?
- Keeping your DreamHost panel secure
- How to modify a One-Click upgrade action
- SSH overview
- UNIX commands overview
- UNIX commands - Changing ownership
- UNIX commands - Changing permissions
- UNIX commands - Working with directories
- UNIX commands - Working with files